Mon Jun 10 21:51:54 UTC 2013
patches/packages/php-5.4.16-x86_64-1_slack14.0.txz:  Upgraded.
  This is a bugfix release. It also fixes a security issue -- a heap-based
  overflow in the quoted_printable_encode() function, which could be used by a
  remote attacker to crash PHP or execute code as the 'apache' user.
  For more information, see:
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2110
  (* Security fix *)
+--------------------------+

Sat Jun 29 22:08:25 UTC 2013
patches/packages/mozilla-firefox-17.0.7esr-x86_64-1_slack14.0.txz:  Upgraded.
  This release contains security fixes and improvements.
  For more information, see:
    http://www.mozilla.org/security/known-vulnerabilities/firefoxESR.html
  (* Security fix *)
  We had to switch to ESR here as well, as there's a problem running
  Firefox 22.0 on Slackware 14.0 under KDE (crash when oxygen-gtk2 is
  installed). Forcing people to uninstall oxygen-gtk2 isn't really an option
  for a security fix, and upgrading to the latest oxygen-gtk2 did not help.
  It's possible that future Firefox/Thunderbird security updates will always
  come from the ESR branch.
patches/packages/mozilla-thunderbird-17.0.7-x86_64-1_slack14.0.txz:  Upgraded.
  This release contains security fixes and improvements.
  For more information, see:
    http://www.mozilla.org/security/known-vulnerabilities/thunderbird.html
  (* Security fix *)
+--------------------------+

Wed Jul 10 07:15:30 UTC 2013
patches/packages/dbus-1.4.20-x86_64-4_slack14.0.txz:  Rebuilt.
  This update fixes a security issue where misuse of va_list could be used to
  cause a denial of service for system services.
  Vulnerability reported by Alexandru Cornea.
  For more information, see:
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2168
  (* Security fix *)
+--------------------------+

Tue Jul 16 21:18:56 UTC 2013
patches/packages/php-5.4.17-x86_64-1_slack14.0.txz:  Upgraded.
  This update fixes an issue where XML in PHP does not properly consider
  parsing depth, which allows remote attackers to cause a denial of service
  (heap memory corruption) or possibly have unspecified other impact via a
  crafted document that is processed by the xml_parse_into_struct function.
  For more information, see:
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4113
  (* Security fix *)
+--------------------------+

Tue Aug 6 05:23:34 UTC 2013
patches/packages/bind-9.9.3_P2-x86_64-1_slack14.0.txz:  Upgraded.
  This update fixes a security issue where a specially crafted query can cause
  BIND to terminate abnormally, resulting in a denial of service.
  For more information, see:
    https://kb.isc.org/article/AA-01015
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4854
  (* Security fix *)
patches/packages/httpd-2.4.6-x86_64-1_slack14.0.txz:  Upgraded.
  This update addresses two security issues:
  * SECURITY: CVE-2013-1896 (cve.mitre.org) Sending a MERGE request against
    a URI handled by mod_dav_svn with the source href (sent as part of the
    request body as XML) pointing to a URI that is not configured for DAV
    will trigger a segfault.
  * SECURITY: CVE-2013-2249 (cve.mitre.org) mod_session_dbd: Make sure that
    dirty flag is respected when saving sessions, and ensure the session ID
    is changed each time the session changes. This changes the format of the
    updatesession SQL statement. Existing configurations must be changed.
  For more information, see:
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1896
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2249
  (* Security fix *)
patches/packages/samba-3.6.17-x86_64-1_slack14.0.txz:  Upgraded.
  This update fixes missing integer wrap protection in an EA list reading
  that can allow authenticated or guest connections to cause the server to
  loop, resulting in a denial of service.
  For more information, see:
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4124
  (* Security fix *)
+--------------------------+